CN112367305A - Privacy block chain-based vehicle networking protection method and mobile terminal - Google Patents

Publication number: CN112367305A
Application number: CN202011142460.XA
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN112367305B (en)
Inventors: 孔庆磊, 尹峰, 崔曙光
Current assignee: Chinese University of Hong Kong CUHK
Original assignee: Chinese University of Hong Kong CUHK
Legal status: Granted (active)
Prior art keywords: identity, user, service provider, data, private key
Priority: CN202011142460.XA (CN112367305B); PCT/CN2020/127985 (WO2022082893A1)

Classifications

    • H04L63/0421: Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H04L63/0428: Confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L9/008: Cryptographic mechanisms or arrangements involving homomorphic encryption
    • H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/0866: Generation of secret information, including derivation or calculation of cryptographic keys or passwords, involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/3033: Public key; details relating to pseudo-prime or prime number generation, e.g. primality test
    • H04L9/3073: Public key involving algebraic varieties, e.g. elliptic or hyper-elliptic curves, involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
    • H04L9/3247: Means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures

Abstract

The application provides an Internet of Vehicles protection method based on a privacy blockchain, and a mobile terminal. The method comprises the following steps: performing initialization based on a homomorphic encryption algorithm; acquiring service request stage information between a user and a service provider; collecting data between the user and the service provider based on blockchain technology; and realizing the service provider's data query on the user based on an oblivious transfer protocol. The system is initialized based on a homomorphic encryption algorithm and data is published in encrypted form, which ensures the confidentiality of the data published on the blockchain. Information between the user and the service provider is acquired in the service request stage, and data between the user and the service provider is collected based on blockchain technology. In the data query stage, the data-acquiring end obtains the target ciphertext by means of the oblivious transfer protocol, which realizes the service provider's data query on the user, so that both the data privacy of the Internet of Vehicles and the accuracy of data verification can be ensured.

Description

Privacy block chain-based vehicle networking protection method and mobile terminal
Technical Field
The application relates to the technical field of vehicle networking, in particular to a vehicle networking protection method based on a privacy block chain and a mobile terminal.
Background
In recent years, experts and scholars in the communications industry, computer science, and network security have carried out a great deal of research on security and privacy protection in the Internet of Vehicles and in vehicle-mounted sensor networks, and on protecting the related data privacy. The data values collected by vehicle-mounted sensors are tied to geographic position and time information, and the position information carries personally sensitive information about users, such as work and home addresses, personal preferences and habits, and social relationships. Existing research on data privacy protection in the Internet of Vehicles architecture mainly covers the following key technologies:
1) Anonymization techniques. Anonymous privacy protection requires that the distribution of the sensitive attribute values in every equivalence class be the same as the probability distribution of all data in the data set; that is, as long as the sensitive attribute value of the target user does not change, an attacker cannot obtain private information from the data set.
2) Differential privacy techniques. Differential privacy aims to maximize the accuracy of query results on a data set while reducing the chance of identifying individual records from those results. That is, random noise is added so that query results can be publicly visible while no single individual changes the result of a query.
3) Data encryption techniques. Among the many security policies, encryption can ensure the security and privacy of data exchanged between user devices or processes in a malicious environment. Existing encrypted-data protection strategies focus mainly on the data transmission stage, the data storage stage, and the data processing stage.
Through long-term research and development, the inventors of the present application found that although blockchain technology makes it possible to distribute and publish the Internet of Vehicles data collected by vehicle-mounted sensors in a decentralized manner and to make it tamper-resistant, a problem remains for the identity-privacy and location-privacy sensitive data collected in the vehicular network: if all participants can directly view the data recorded in the blockchain public ledger, storing Internet of Vehicles data on the blockchain may expose the privacy of the related vehicles and users. This data privacy disclosure has two aspects. First, the data collected by a vehicle is strongly correlated with position information, from which personal private information such as the user's trajectory patterns, personal preferences, and health condition can be inferred. Second, there is the association between the recorded data and the collecting user: the frequency with which a single collecting user generates data can still be inferred from the associations among the data transactions recorded in the blockchain. Meanwhile, because blockchain technology can guarantee that data is tamper-proof but cannot guarantee that it is authentic, the participants of the system need to verify the accuracy of the data recorded on the chain.
Disclosure of Invention
The application provides an Internet of Vehicles protection method based on a privacy blockchain, and a mobile terminal, and aims to solve the problems in the prior art that blockchain-based Internet of Vehicles data cannot be kept private and that the accuracy of the data cannot be verified.
To solve this technical problem, the application adopts the following technical solution: an Internet of Vehicles protection method based on a privacy blockchain, comprising the following steps: performing initialization based on a homomorphic encryption algorithm; acquiring service request stage information between a user and a service provider; collecting data between the user and the service provider based on blockchain technology; and realizing the service provider's data query on the user based on an oblivious transfer protocol.
To solve the above technical problem, another technical solution adopted by the present application is: a mobile terminal comprising a processor and a memory coupled to each other, the memory being adapted to store a computer program and the processor being adapted to load and execute the computer program.
To solve the above technical problem, the present application adopts a further technical solution: a computer storage medium having stored thereon a computer program for carrying out the steps of the method of any one of the preceding embodiments.
The beneficial effect of this application is as follows. Unlike the prior art, the application provides an Internet of Vehicles protection method based on a privacy blockchain, and a mobile terminal. The method comprises the following steps: performing initialization based on a homomorphic encryption algorithm; acquiring service request stage information between a user and a service provider; collecting data between the user and the service provider based on blockchain technology; and realizing the service provider's data query on the user based on an oblivious transfer protocol. The system is initialized based on a homomorphic encryption algorithm and data is published in encrypted form, which ensures the confidentiality of the data published on the blockchain. Information between the user and the service provider is acquired in the service request stage, and data between the user and the service provider is collected based on blockchain technology. In the data query stage, the data-acquiring end obtains the target ciphertext by means of the oblivious transfer protocol, which realizes the service provider's data query on the user and solves the problems in the prior art that privacy cannot be guaranteed and data accuracy cannot be verified in the Internet of Vehicles.
Drawings
To illustrate the technical solutions in the embodiments of the application more clearly, the drawings needed for describing the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the application, and those skilled in the art can obtain other drawings from them without inventive effort, wherein:
FIG. 1 is a schematic flowchart of an embodiment of the Internet of Vehicles protection method based on a privacy blockchain according to the present application;
FIG. 2 is a schematic flowchart of another embodiment of the Internet of Vehicles protection method based on a privacy blockchain according to the present application;
FIG. 3 is a schematic structural diagram of a Bloom filter during data storage;
FIG. 4 is a schematic structural diagram of a Bloom filter during data query;
FIG. 5 is a schematic structural diagram of an embodiment of a mobile terminal according to the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any inventive step based on the embodiments in the present application, are within the scope of protection of the present application.
It should be noted that if descriptions related to "first", "second", etc. are provided in the embodiments of the present application, the descriptions of "first", "second", etc. are only used for descriptive purposes and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first", "second", may explicitly or implicitly include at least one of the feature. In addition, technical solutions between various embodiments may be combined with each other, but must be realized by a person skilled in the art, and when the technical solutions are contradictory or cannot be realized, such a combination should not be considered to exist, and is not within the protection scope of the present application.
Referring to FIG. 1, FIG. 1 is a schematic flowchart of an embodiment of the Internet of Vehicles protection method based on a privacy blockchain according to the present application. The method disclosed in this embodiment comprises the following steps:
S11: Perform initialization based on a homomorphic encryption algorithm.
Homomorphic encryption has an additive homomorphic property and a scalar-multiplication homomorphic property.
The additive homomorphic property means that the product of two ciphertexts decrypts to the sum of their corresponding plaintexts, which can be expressed by equation (1):
$$D\big(E(m_1) \cdot E(m_2) \bmod n^2\big) = m_1 + m_2 \bmod n \tag{1}$$
where $m_1$ is the first plaintext, $m_2$ is the second plaintext, $E$ is the encryption function, $D$ is the decryption function, and $n$ is the product of two large prime numbers $p_1$ and $p_2$.
The scalar-multiplication homomorphic property is expressed by equation (2):
Figure BDA0002737594740000061
With homomorphic encryption, operating in the ciphertext domain is equivalent to operating in the plaintext domain. This property enables data processing, analysis, retrieval, and similar operations in the ciphertext domain. That is, operations can still be carried out on the corresponding plaintexts without decrypting any ciphertext, so the encrypted information can still be analyzed and processed in depth and without limit.
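A worked instance of equation (1), added here as an illustration and not taken from the patent: textbook Paillier with the generator fixed to g = n + 1 and constructed toy primes, summing encrypted vehicle readings without decrypting them. The scalar case uses the standard Paillier identity D(E(m)^a mod n^2) = a·m mod n, a known property of the scheme rather than a reconstruction of the page's equation (2); all function names are assumptions.

```python
"""Textbook Paillier (g = n + 1) illustrating the additive homomorphism.

Added example with toy parameters; not a secure parameter choice.
"""
import math
import secrets

# Constructed toy primes p1, p2 (real systems use primes of 1024 bits or more).
P1, P2 = 1009, 1013


def keygen(p1, p2):
    """Return the public modulus n and the private pair (lam, mu)."""
    n = p1 * p2
    lam = (p1 - 1) * (p2 - 1) // math.gcd(p1 - 1, p2 - 1)  # lcm(p1-1, p2-1)
    mu = pow(lam, -1, n)  # with g = n + 1, L(g^lam mod n^2) equals lam mod n
    return n, (lam, mu)


def encrypt(n, m):
    """E(m) = (1 + m*n) * r^n mod n^2, with fresh r coprime to n."""
    if not 0 <= m < n:
        raise ValueError("plaintext must lie in [0, n)")
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (1 + m * n) % n2 * pow(r, n, n2) % n2


def decrypt(n, priv, c):
    """D(c) = L(c^lam mod n^2) * mu mod n, where L(u) = (u - 1) / n."""
    lam, mu = priv
    n2 = n * n
    if not 0 < c < n2:
        raise ValueError("ciphertext must lie in (0, n^2)")
    u = pow(c, lam, n2)
    return (u - 1) // n * mu % n


def add_ciphertexts(n, c1, c2):
    """Equation (1): multiplying ciphertexts adds the plaintexts mod n."""
    return c1 * c2 % (n * n)


def scale_ciphertext(n, c, a):
    """Raising a ciphertext to the power a multiplies the plaintext by a mod n."""
    return pow(c, a, n * n)


def aggregate(n, ciphertexts):
    """Fold a list of ciphertexts into one ciphertext of the plaintext sum."""
    acc = encrypt(n, 0)  # randomised encryption of zero as the neutral element
    for c in ciphertexts:
        acc = add_ciphertexts(n, acc, c)
    return acc


if __name__ == "__main__":
    n, priv = keygen(P1, P2)
    readings = [62, 58, 71]  # constructed sample sensor values
    cts = [encrypt(n, m) for m in readings]
    print("sum of readings:", decrypt(n, priv, aggregate(n, cts)))
    print("3 x first reading:", decrypt(n, priv, scale_ciphertext(n, cts[0], 3)))
    # Edge case: sums are only correct modulo n, so large totals wrap around.
    wrapped = add_ciphertexts(n, encrypt(n, n - 1), encrypt(n, 5))
    print("(n - 1) + 5 mod n:", decrypt(n, priv, wrapped))
```

The wrap-around at the end is why an aggregator has to size n so that the largest possible sum stays below it.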
The system initialization end performs initialization based on a homomorphic encryption algorithm and obtains information such as the public key and private key required in the blockchain.
Blockchain technology: a blockchain consists mainly of three parts, namely transactions, blocks, and a consensus mechanism.
Transaction: an operation on the ledger that changes the ledger state (for example, adding a transfer record). A transaction can only take place between designated users and carries the private-key signature of the respective user. The transaction record is stored in a block and cannot be altered or forged once it has been confirmed by the verification process. Completing a transaction takes some time, because it must be approved through the consensus mechanism.
Block: a record of the transactions and state results that occur over a period of time; it is a consensus on the current ledger state. Blocks are connected in sequence according to the transaction history. Each block carries information linking it to the preceding and following blocks, so it is easy to determine whether tampering has occurred. A tampered block disappears from the network after the confirmation process.
Consensus mechanism: there are many ways to achieve blockchain consensus, such as:
PoW (Proof of Work): a means of protecting a computer system from malicious parties attempting to attack it, by deliberately making everyone who wishes to connect to the system perform a time-consuming task.
PoS (Proof of Stake): blocks are generated on the basis of a participant's own stake rather than by consuming computing resources.
PBFT (Practical Byzantine Fault Tolerance): an algorithm developed for distributed execution environments built on state machine replication; it is intended to let the honest majority of nodes in the system mask the behavior of malicious or failed nodes.
S12: Acquire service request stage information between the user and the service provider.
In the service request stage, a user requests a service from a service provider, the user is verified based on the identity-based signature scheme, and when the verification result is correct, the service provider receives the user's service request.
S13: Collect data between the user and the service provider based on blockchain technology.
In the data collection stage, a blockchain that uses proof of stake as its consensus mechanism is used to publish the aggregation results of the ciphertext data and the signatures for the user's driving behavior. Vehicle data is published on the blockchain in encrypted form, and when a block is generated, the participating generating nodes ensure the correctness of the published data through signature verification.
S14: Realize the service provider's data query on the user based on the oblivious transfer protocol.
In the data query stage, the service provider can query the data the user has recorded on the blockchain and obtain the verified aggregation result by means of the oblivious transfer protocol, which realizes the service provider's data query on the user.
The application provides an Internet of Vehicles protection method based on a privacy blockchain, comprising the following steps: performing initialization based on a homomorphic encryption algorithm; acquiring service request stage information between a user and a service provider; collecting data between the user and the service provider based on blockchain technology; and realizing the service provider's data query on the user based on an oblivious transfer protocol. The system is initialized based on a homomorphic encryption algorithm and data is published in encrypted form, which ensures the confidentiality of the data published on the blockchain. Information between the user and the service provider is acquired in the service request stage, and data between the user and the service provider is collected based on blockchain technology. In the data query stage, the data-acquiring end obtains the target ciphertext by means of the oblivious transfer protocol, which realizes the service provider's data query on the user, so that both the data privacy of the Internet of Vehicles and the accuracy of data verification can be ensured.
On the basis of the foregoing embodiment, refer to FIG. 2, which is a schematic flowchart of another embodiment of the Internet of Vehicles protection method based on a privacy blockchain according to the present application. The method disclosed in this embodiment comprises the following steps:
S21: Perform initialization based on a homomorphic encryption algorithm.
In this embodiment, an identity-based signature (IBS) technique is used.
In a conventional public key infrastructure (PKI), the binding between a public key and a user identity is guaranteed by a certificate, which is essentially an authority's signature on the user. However, this management architecture brings a number of certificate management issues, such as certificate revocation, certificate storage, and certificate distribution, which can consume significant bandwidth and computing resources.
The design goal of identity-based cryptography is to secure information exchange and let the parties verify each other's signatures without exchanging public and private keys, without maintaining a key directory, and without a third party providing authentication services. An identity-based signature scheme is a set of polynomial-time algorithms with security parameter k, which can be represented by formula (3):
$$\mathrm{IBS} = (\mathrm{Setup}, \mathrm{KeyGen}, \mathrm{Sign}, \mathrm{Verify}) \tag{3}$$
where Setup takes a k-bit security parameter as input and generates a master public/private key pair (mpk, msk). KeyGen takes msk and an identity $id \in \{0, 1\}^*$ as input and returns the private key usk corresponding to the user id, which is sent to the user securely. Sign takes the key usk and a message $m \in \{0, 1\}^*$ as input and returns a signature σ on the message m. Verify takes mpk, id, m and σ as input; it returns 1 if σ is valid for id and m, and 0 otherwise.
In one embodiment, this step includes the following steps S211 to S216:
S211: Preset a first security parameter; the trusted authority initializes the homomorphic encryption system to generate two large prime numbers and computes a public key from them.
Based on a given first security parameter $k$, the trusted authority initializes a modified (improved) Paillier homomorphic encryption system, generates two large prime numbers $p_1, p_2$, and computes the public key $(n = p_1 \cdot p_2,\ g = \mu^2 \bmod n^2)$, where μ ∈
Figure BDA0002737594740000101
μ is a random number, g is an element, and
Figure BDA0002737594740000102
denotes the finite commutative group modulo $n^2$.
S212: Preset a second security parameter to generate bilinear parameters.
Based on another given second security parameter $k_1$, generate the bilinear parameters $(q, P, G, G_T, H, e)$.
S213: Generate a system public key, an identity-based private key, and the system public parameters from a hash function and a preset system private key.
Select a hash function
Figure BDA0002737594740000111
where
Figure BDA0002737594740000112
denotes the finite commutative group modulo $q$. Select a random number
Figure BDA0002737594740000113
as the system private key and generate the system public key $pk_s = g^s \in G$. The identity-based private key is computed as
Figure BDA0002737594740000114
and the output system public parameters are
Figure BDA0002737594740000115
$G$ and $G_T$ are both multiplicative cyclic groups of order $q$, where $q$ is a large prime; $P$ is a generator of $G$; $pk_s$ is the system public key; $g^s$ is an exponentiation; $id_t$ is the identity identifier of the trusted authority; and $e$ is the bilinear mapping operation.
S214: a bloom filter is generated.
Bloom Filter (Bloom Filter) is a spatially efficient random data structure that uses bit arrays to represent a set very compactly and to determine whether an element belongs to the set.
Referring to fig. 3 and fig. 4 together, fig. 3 is a schematic structural diagram of a bloom filter for data storage, and fig. 4 is a schematic structural diagram of the bloom filter for data query. The bit string length is b and the number of hash functions H is k.
Data storage: in the initial state, the Bloom Filter is a bit array including m bits, and each bit is set to 0. To express S ═ x1,x2,…,xnSuch a set of n elements, Bloom Filter uses k mutually independent hash functions that map each element in the set into a range of {1, 2, …, m }, respectively. For any element x, the position h mapped by the ith hash functioni(x) Will be set to 1 (1. ltoreq. i.ltoreq.k). Note that if a position is set to 1 multiple times, it will only work for the first time. For example, in fig. 2, two hash functions select the same bit position (fifth bit from left).
Data query: when judging whether y belongs to the set, the hash function is applied to the element y for k times, and if all h belongs to the set, the hash function is applied to the element y for k timesi(y) is set to 1(1 ≦ i ≦ k), then we consider y to be an element in set S, otherwise we consider y not to be an element in the set. Y in FIG. 31Or not an element of the collection. y is2Then belong to this set with a certain false alarm probability.
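The storage and query procedure above, as an added example that is not code from the patent: the k hash functions are assumed to be SHA-256 with the index i prepended, bit positions run from 0 to m-1 rather than 1 to m, and the stored items are constructed pseudonym strings. It also measures the false-positive behaviour the text mentions against the standard estimate (1 - e^(-kn/m))^k.

```python
"""Bloom filter store/query with a measured false-positive rate (added example)."""
import hashlib
import math

# Constructed sample set S of n = 100 elements and 5000 elements outside S.
SAMPLE_MEMBERS = [b"pid-%d" % i for i in range(100)]
SAMPLE_PROBES = [b"probe-%d" % i for i in range(5000)]


class BloomFilter:
    def __init__(self, m, k):
        if m < 1 or k < 1:
            raise ValueError("m and k must be positive")
        self.m, self.k = m, k
        self.bits = bytearray(m)  # one byte per bit for clarity, all 0 at start

    def positions(self, item):
        """h_1(x) .. h_k(x): SHA-256 domain-separated by the index i (assumption)."""
        out = []
        for i in range(1, self.k + 1):
            digest = hashlib.sha256(i.to_bytes(4, "big") + item).digest()
            out.append(int.from_bytes(digest, "big") % self.m)
        return out

    def add(self, item):
        for p in self.positions(item):
            self.bits[p] = 1  # setting an already-set bit changes nothing

    def __contains__(self, item):
        # Member only if every one of the k positions is set.
        return all(self.bits[p] for p in self.positions(item))


def build_filter(m, k, items):
    bf = BloomFilter(m, k)
    for item in items:
        bf.add(item)
    return bf


def false_positive_rate(bf, non_members):
    """Fraction of known non-members that the filter reports as present."""
    hits = sum(1 for y in non_members if y in bf)
    return hits / len(non_members)


def expected_fp_rate(m, k, n):
    """Standard approximation for n inserted elements: (1 - e^(-k*n/m))^k."""
    return (1.0 - math.exp(-k * n / m)) ** k


if __name__ == "__main__":
    bf = build_filter(1024, 4, SAMPLE_MEMBERS)
    print("all members found:", all(x in bf for x in SAMPLE_MEMBERS))
    print("measured false-positive rate:", false_positive_rate(bf, SAMPLE_PROBES))
    print("estimated false-positive rate:", expected_fp_rate(1024, 4, 100))
    # Failure mode: an undersized bit array saturates and answers "present" to everything.
    small = build_filter(64, 4, [b"x%d" % i for i in range(200)])
    print("saturated filter rate:", false_positive_rate(small, SAMPLE_PROBES))
```

A query can therefore be trusted when it answers "absent" but needs a second check when it answers "present".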
S215: a service provider public key and a service provider private key between the trusted authority and the service provider identity are generated.
The trusted authority sends the first private key based on the identity of the service provider to the first private key based on the identity of the service provider, and the first random number is used as a second private key to generate a first public key. The service provider identity secrets the selected first secret random number.
In particular for one service provider ida(identity), the trusted authority computes a first private identity-based key,
Figure BDA0002737594740000131
and will be
Figure BDA0002737594740000132
Send to service provider ida. At the same time, a first random number is selected
Figure BDA0002737594740000133
As a second private key and generates a first public key
Figure BDA0002737594740000134
Service provider id, on the other handaSecretly selecting a random number ta
S216: a user public key and a user private key between the trusted authority and each user are generated.
And generating a series of anonymous functions and anonymous identities based on the hash chain. The user identity sends the anonymous identity to a trusted authority to generate a first signature. And the user identity acquires a third identity-based private key sent by the trusted authority. The user identity uses the second random number as a fourth private key and generates a second public key associated with the fourth private key.
In particular, for each user idvGenerating a series of anonymous H by using a hash chainm(si)=H(H(…H(si) ))) and generate an anonymous identity pidi,j=Hm+1-j(si) J ∈ {1, 2, …, m }, where m is the length of the hash chain. At the same time, the user will have an anonymous identity pidi,1Sending to trusted authority, and generating first signature σi=pidi,j/(s+H(idt) P ∈ G. On the other hand, the trusted authority uses the third private key
Figure BDA0002737594740000135
And sending the data to the user. User idiSelecting a second random number
Figure BDA0002737594740000136
As a fourth private key and generates a corresponding second public key
Figure BDA0002737594740000137
S22: service request phase information between a user and a service provider is obtained.
In one embodiment, the method comprises the following steps S221 to S224:
S221: The user identity generates a first signature pair according to the anonymous identity and a third random number, and generates a service request message according to the first signature pair.
When user id_i wants to request a service from service provider id_a, user id_i uses the anonymous identity pid_{i,j}, selects a third random number
Figure BDA0002737594740000141
and generates the corresponding first signature pair
Figure BDA0002737594740000142
as shown in equation (4):
Figure BDA0002737594740000143
User id_i generates the service request message
Figure BDA0002737594740000144
and transmits it to service provider id_a.
S222: the user identity sends a service request message to the service provider identity.
User id_i generates the service request message
Figure BDA0002737594740000145
and transmits it to service provider id_a.
S223: The user identity verifies the correctness of the anonymous identity and the first signature, and a bilinear calculation is performed to obtain a calculation result.
User id_i verifies (pid_{i,j}, σ_i) and calculates equation (5):
Figure BDA0002737594740000146
S224: If the calculation result is correct, the service provider identity receives the service request.
If equation (5) is calculated correctly, service provider id_a receives the service request sent by the user identity.
S23: data between the user and the service provider is collected based on a blockchain technique.
In one embodiment, the method includes the following steps S231 to S238:
S231: The user identity selects a fourth random number to generate a ciphertext so as to encrypt the vehicle data.
To encrypt the vehicle data data_i, user id_i selects a fourth random number
Figure BDA0002737594740000151
and generates a ciphertext, as shown in equation (6):
Figure BDA0002737594740000152
S232: The user identity selects a fifth random number to generate a second signature pair of the vehicle data so as to ensure the correctness of the vehicle data.
To guarantee the correctness of data_i, user id_i selects a random number
Figure BDA0002737594740000153
and generates a second signature pair, as shown in equation (7):
Figure BDA0002737594740000154
S233: The user identity sends the second signature pair to the vehicle identity and verifies the authenticity of the second signature pair.
User id_i sends the signature
Figure BDA0002737594740000155
to vehicle id_v and verifies its authenticity, as shown in equation (8):
Figure BDA0002737594740000156
S234: The vehicle identity generates a vehicle message according to the ciphertext and the second signature pair, and sends the vehicle message to the service provider identity.
When the verification result is true, vehicle id_v generates a vehicle message from the ciphertext and the second signature pair
Figure BDA0002737594740000161
and passes it to service provider id_a.
S235: The service provider identity merges the anonymous identity and the second signature pair.
Service provider id_a merges the anonymous identity pid_{i,j} and data_i, as shown in equation (9):
Figure BDA0002737594740000162
S236: The service provider identity collects vehicle data for at least one user identity, publishes the vehicle data and the second signature for the at least one user identity on the block based on an oblivious transfer protocol, and the service provider identity inserts an anonymous identity for the at least one user identity into the bloom filter.
Service provider id_a collects the vehicle data of k users and publishes the users' vehicle data and signatures on a block using the OT (Oblivious Transfer) protocol; meanwhile, service provider id_a inserts the anonymous identities of the k users into a bloom filter BF_a, and anonymous data retrieval is performed through the bloom filter. The bloom filter performs the initial locating of the user, and the OT protocol performs the content acquisition.
S237: The service provider identity generates a new transaction at each vehicle data distribution cycle and sends the transaction to the service provider identity.
At each data distribution cycle, service provider id_a generates a new transaction and sends it to all service providers, as shown in table one, where c is the user ciphertext. The transaction includes a first principal including a first timestamp and a service provider identity.
Table one
Figure BDA0002737594740000172
S238: The service provider identity generates a new block using a consensus mechanism.
All the service providers use the consensus mechanism to generate a new block, as shown in table two. The block includes a second principal that includes a second timestamp, a primary service provider identity, a previous-block digest, and a proof of stake.
Table two
Figure BDA0002737594740000171
S24: the data inquiry of the service provider to the user is realized based on the careless transmission protocol.
In one embodiment, the method comprises the following steps S241 to S242:
s241: the service provider identity inserts the past anonymous identity of the queried user into the blockchain to obtain at least one past transaction.
E.g. service provider idbWant to query given user idiData recorded on the chain, service provider idbFirst using the user idiPast anonymity of { pid }i,1,......,pidi,jInsert blockchain and find the corresponding transaction.
S242: and obtaining at least one ciphertext group and signature group associated with the past transaction based on the oblivious transmission protocol, and obtaining and verifying an aggregation result.
Obtaining corresponding cipher text by utilizing careless transmission protocol
Figure BDA0002737594740000181
And corresponding signature
Figure BDA0002737594740000182
And obtaining and verifying the aggregate junction
Figure BDA0002737594740000183
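The hash-chain pseudonyms of S216 and the bloom-filter lookup of S236 and S241 can be exercised together. The following is an added example, not code from the patent: it builds pid_{i,j} = H^{m+1-j}(s_i), shows that pid_{i,j-1} = H(pid_{i,j}) follows from that definition, and uses it to recompute a user's past anonymous identities and test them against bloom filters. SHA-256 as H, the indexed-SHA-256 filter hashes, one filter per block, and all seeds and block contents are assumptions constructed for the illustration; the oblivious-transfer retrieval step is not shown.

```python
import hashlib


def H(data: bytes) -> bytes:
    """Chain hash H (SHA-256 is an assumption of this example)."""
    return hashlib.sha256(data).digest()


def pseudonym_chain(seed: bytes, m: int) -> list:
    """Return [pid_1, ..., pid_m] with pid_j = H^(m+1-j)(seed)."""
    powers, value = [], seed
    for _ in range(m):
        value = H(value)
        powers.append(value)      # powers[t-1] = H^t(seed)
    return powers[::-1]           # index j-1 now holds H^(m+1-j)(seed)


def past_pseudonyms(pid_j: bytes, j: int) -> list:
    """Recompute [pid_1, ..., pid_j] from pid_j alone: pid_(j-1) = H(pid_j)."""
    out = [pid_j]
    for _ in range(j - 1):
        out.append(H(out[-1]))
    return out[::-1]


def links_to_anchor(pid: bytes, j: int, anchor: bytes) -> bool:
    """True if hashing pid (j-1) times reaches the registered pid_1."""
    return past_pseudonyms(pid, j)[0] == anchor


class BloomFilter:
    """Bit array of `size` positions queried with k hash functions h_1..h_k."""

    def __init__(self, size: int = 1024, k: int = 4):
        self.size, self.k = size, k
        self.bits = bytearray(size)

    def _positions(self, item: bytes):
        # h_i(item): SHA-256 over a one-byte index plus the item (assumed).
        for i in range(self.k):
            digest = hashlib.sha256(bytes([i]) + item).digest()
            yield int.from_bytes(digest[:8], "big") % self.size

    def add(self, item: bytes) -> None:
        for pos in self._positions(item):
            self.bits[pos] = 1

    def __contains__(self, item: bytes) -> bool:
        # Member only if every h_i(item) position is set; may be a false positive.
        return all(self.bits[pos] for pos in self._positions(item))


def filters_for_blocks(blocks: list) -> list:
    """One filter per block, holding the pseudonyms published in that block."""
    filters = []
    for pseudonyms in blocks:
        bf = BloomFilter()
        for pid in pseudonyms:
            bf.add(pid)
        filters.append(bf)
    return filters


def locate(filters: list, pid_j: bytes, j: int) -> list:
    """Return (block_index, pseudonym_index) candidates for one user's history."""
    hits = []
    for idx, pid in enumerate(past_pseudonyms(pid_j, j), start=1):
        for block_no, bf in enumerate(filters):
            if pid in bf:
                hits.append((block_no, idx))
    return hits


def demo() -> list:
    # Constructed seeds and block layout, for illustration only.
    a = pseudonym_chain(b"constructed-seed-user-A", 5)
    b = pseudonym_chain(b"constructed-seed-user-B", 5)
    c = pseudonym_chain(b"constructed-seed-user-C", 5)
    blocks = [[a[0], b[0]], [a[1], c[0]], [b[1], c[1]], [a[2]]]
    return locate(filters_for_blocks(blocks), a[2], 3)


if __name__ == "__main__":
    print(demo())   # candidate (block, j) pairs for user A's pid_1..pid_3
```

Because each pseudonym hashes to its predecessor, whoever holds pid_{i,j} can link every earlier pseudonym of that user, while later pseudonyms stay unlinkable without inverting H. The filter only yields candidates, so a hit still has to be confirmed against the retrieved transaction.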
According to the technical scheme disclosed in the application, in order to realize privacy-preserving acquisition and data aggregation of vehicle-mounted sensor data, a scheme based on a Modified Paillier homomorphic encryption algorithm and an identity-based cryptographic signature is designed, realizing private data protection and verifiability of vehicle data. Meanwhile, the aggregation result can reflect the driving behavior and habits of a user. The aggregation results of the ciphertext data and signatures of the user's driving behavior are published using blockchain technology with proof of stake as the consensus mechanism, and when blocks are generated the participating generation nodes ensure the correctness of the published data through signature verification.
For the Internet of Vehicles blockchain scenario, the following technical effects are achieved: first, the data recorded on the blockchain remains confidential, so that the privacy of the shared data content is guaranteed; second, the authenticity of the shared data on the blockchain is ensured, because Internet of Vehicles data is related to the interests of clients in traffic safety; third, the data of a target producer can be found on the blockchain without revealing the data producer.
This embodiment publishes the data under the homomorphic encryption algorithm, so that the confidentiality of the data published on the chain is ensured; the correctness of the published data is verified using an identity-based cryptographic signature scheme; anonymous data retrieval is carried out through a bloom filter; and the target ciphertext is acquired using the oblivious transfer protocol.
The application provides an Internet of Vehicles protection method based on a privacy blockchain, which comprises the following steps: carrying out initialization processing based on a homomorphic encryption algorithm; acquiring service request stage information between a user and a service provider; collecting data between the user and the service provider based on a blockchain technique; and realizing the data query of the service provider to the user based on the oblivious transfer protocol. The system is initialized based on a homomorphic encryption algorithm, and data is published so as to ensure the confidentiality of the published data on the blockchain; information between the user and the service provider is acquired in the service request stage; data between the user and the service provider is collected based on a blockchain technique; in the data query stage, the target ciphertext is acquired at the data acquisition end using the oblivious transfer protocol, realizing the data query of the user by the service provider. The data privacy of the Internet of Vehicles and the accuracy of data verification can thereby be ensured.
Corresponding to the above method, the present application provides a mobile terminal. Please refer to FIG. 5, which is a schematic structural diagram of an embodiment of the mobile terminal of the present application. The mobile terminal 100 disclosed in the present application comprises a memory 12 and a processor 14 coupled to each other, wherein the memory 12 is used for storing a computer program, and the processor 14 is used for executing the computer program to implement the steps of the method of any one of the above embodiments.
Specifically, processor 14 is configured to:
carry out initialization processing based on a homomorphic encryption algorithm;
obtain service request phase information between a user and a service provider;
collect data between the user and the service provider based on a blockchain technique;
realize the data query of the service provider to the user based on the oblivious transfer protocol.
The mobile terminal 100 of the embodiment guarantees the privacy of the data of the internet of vehicles and the accuracy of the verification data.
In the several embodiments provided in the present application, it should be understood that the system, apparatus and method disclosed in the present application can be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules or units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application, in essence or in the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) or a processor to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program code.
The above embodiments are merely examples and are not intended to limit the scope of the present disclosure; all equivalent structures or equivalent process transformations made using the contents of the specification and drawings of the present disclosure, or applied directly or indirectly in other related technical fields, are likewise included in the scope of the present disclosure.

Claims (10)

1. A vehicle networking protection method based on a privacy block chain is characterized by comprising the following steps:
carrying out initialization processing based on a homomorphic encryption algorithm;
acquiring service request stage information between a user and a service provider;
collecting data between the user and the service provider based on a blockchain technique;
and realizing the data query of the service provider to the user based on the oblivious transmission protocol.
2. The method of claim 1, wherein the step of performing initialization processing based on a homomorphic encryption algorithm comprises:
presetting a first security parameter, initializing a homomorphic encryption system by the trusted authority to generate two large prime numbers, and calculating a public key according to the two large prime numbers;
presetting a second safety parameter to generate a bilinear parameter;
generating a system public key, an identity-based private key and a system public parameter according to the hash function and a preset system private key;
generating a bloom filter;
generating a service provider public key and a service provider private key between the trusted authority and the service provider identity;
and generating a user public key and a user private key between the trusted authority and each user.
3. The method of claim 2, wherein generating a service provider public key and a service provider private key between the trusted authority and the service provider identity comprises:
the trusted authority sends a first identity-based private key to the service provider identity, and a first random number is used as a second private key to generate a first public key;
the service provider identity secretly selects a first secret random number.
4. The method of claim 3, wherein generating a user public key and a user private key between the trusted authority and each of the users comprises:
generating a series of anonymous functions and anonymous identities based on the hash chain;
the user identity sends the anonymous identity to the trusted authority to generate a first signature;
the user identity acquires a third private key which is sent by the trusted authority and based on the identity;
the user identity uses a second random number as a fourth private key and generates a second public key associated with the fourth private key.
5. The method of claim 4, wherein the step of obtaining service request phase information between the user and the service provider comprises:
the user identity generates a first signature pair according to the anonymous identity and a third random number, and generates a service request message according to the first signature pair;
the user identity sending the service request message to the service provider identity;
the user identity verifies the correctness of the anonymous identity and the first signature, and bilinear calculation is carried out to obtain a calculation result;
and if the calculation result is correct, the service provider identity receives the service request.
6. The method of claim 5, wherein the step of collecting data between the user and the service provider based on a blockchain technique comprises:
the user identity selects a fourth random number to generate a ciphertext so as to encrypt the vehicle data;
the user identity selects a fifth random number to generate a second signature pair of the vehicle data so as to ensure the correctness of the vehicle data;
the user identity sends the second signature pair to a vehicle identity and verifies the authenticity of the second signature pair;
the vehicle identity generates a vehicle message according to the ciphertext and the second signature pair, and sends the vehicle message to the service provider identity;
the service provider identity merges the anonymous identity and the second signature pair;
the service provider identity collecting the vehicle data for at least one of the user identities, publishing the vehicle data and the second signature for at least one of the user identities on a block based on an oblivious transfer protocol, the service provider identity inserting an anonymous identity for at least one of the user identities into the bloom filter;
the service provider identity generates a new transaction in each vehicle data release period and sends the transaction to the service provider identity;
the service provider identity generates a new block using a consensus mechanism.
7. The method of claim 6, wherein the transaction comprises a first principal comprising a first timestamp and the service provider identity; the block includes a second principal that includes a second timestamp, a primary service provider identity, a previous-block digest, and a proof of stake.
8. The method of claim 1, wherein the step of enabling the service provider to query the user for data based on an oblivious transport protocol comprises:
the service provider identity inserts the queried past anonymous identity of the user into a blockchain to obtain at least one past transaction;
and obtaining at least one ciphertext group and signature group associated with the past transaction based on the oblivious transmission protocol, and obtaining and verifying an aggregation result.
9. A mobile terminal, characterized in that the mobile terminal comprises a processor and a memory coupled to each other, the memory being adapted to store a computer program, the processor being adapted to load the computer program and to execute it.
10. A computer storage medium having a computer program stored thereon, the computer program being adapted to perform the steps of the method of any one of claims 1 to 8.
CN202011142460.XA 2020-10-22 2020-10-22 Internet of vehicles protection method based on privacy block chain and mobile terminal Active CN112367305B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202011142460.XA CN112367305B (en) 2020-10-22 2020-10-22 Internet of vehicles protection method based on privacy block chain and mobile terminal
PCT/CN2020/127985 WO2022082893A1 (en) 2020-10-22 2020-11-11 Privacy blockchain-based internet of vehicles protection method, and mobile terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011142460.XA CN112367305B (en) 2020-10-22 2020-10-22 Internet of vehicles protection method based on privacy block chain and mobile terminal

Publications (2)

Publication Number Publication Date
CN112367305A true CN112367305A (en) 2021-02-12
CN112367305B CN112367305B (en) 2022-05-20

Family

ID=74511724

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011142460.XA Active CN112367305B (en) 2020-10-22 2020-10-22 Internet of vehicles protection method based on privacy block chain and mobile terminal

Country Status (2)

Country Link
CN (1) CN112367305B (en)
WO (1) WO2022082893A1 (en)

Also Published As

Publication number Publication date
CN112367305B (en) 2022-05-20
WO2022082893A1 (en) 2022-04-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant